From adcce5f855b682de660afd881ff554ea735f2b2c Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Wed, 22 Jan 2025 16:16:54 -0300
Subject: [PATCH] Use systemd-sysusers for opendnssec user management

Resolves: RHEL-75905

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
---
 opendnssec-sysusers.conf |  1 +
 opendnssec.spec          | 16 ++++++++++------
 2 files changed, 11 insertions(+), 6 deletions(-)
 create mode 100644 opendnssec-sysusers.conf

diff --git a/opendnssec-sysusers.conf b/opendnssec-sysusers.conf
new file mode 100644
index 0000000..b47c25f
--- /dev/null
+++ b/opendnssec-sysusers.conf
@@ -0,0 +1 @@
+u ods - "opendnssec daemon account"
diff --git a/opendnssec.spec b/opendnssec.spec
index a463e64..8b4b7f3 100644
--- a/opendnssec.spec
+++ b/opendnssec.spec
@@ -4,7 +4,7 @@
 Summary: DNSSEC key and zone management software
 Name: opendnssec
 Version: 2.1.10
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 Url: http://www.opendnssec.org/
 Source0: http://www.opendnssec.org/files/source/%{?prever:testing/}%{name}-%{version}%{?prever}.tar.gz
@@ -16,6 +16,7 @@ Source5: tmpfiles-opendnssec.conf
 Source6: opendnssec.cron
 Source7: opendnssec-2.1.sqlite_convert.sql
 Source8: opendnssec-2.1.sqlite_rpmversion.sql
+Source9: %{name}-sysusers.conf
 
 Patch1:    0001-Pass-right-remaining-buffer-size-in-hsm_hex_unparse-.patch
 Patch1001: 1001-opendnssec-c99.patch
@@ -81,6 +82,7 @@ install -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods
 install -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/opendnssec/
 mkdir -p %{buildroot}%{_tmpfilesdir}/
 install -m 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/opendnssec.conf
+install -D %{SOURCE9} %{buildroot}%{_sysusersdir}/%{name}.conf
 mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec
 mkdir -p %{buildroot}%{_datadir}/opendnssec/
 cp -a enforcer/utils %{buildroot}%{_datadir}/opendnssec/migration
@@ -116,13 +118,11 @@ sed -i "s:sqlite_convert.sql:%{_datadir}/opendnssec/migration/1.4-2.0_db_convert
 %{_bindir}/*
 %attr(0755,root,root) %dir %{_datadir}/opendnssec
 %{_datadir}/opendnssec/*
+%{_sysusersdir}/%{name}.conf
 
 %pre
-getent group ods >/dev/null || groupadd -r ods
-getent passwd ods >/dev/null || \
-useradd -r -g ods -d /etc/opendnssec -s /sbin/nologin \
--c "opendnssec daemon account" ods
-exit 0
+
+%sysusers_create_package %{name} %{SOURCE9}
 
 %post
 # Initialise a slot on the softhsm on first install
@@ -181,6 +181,10 @@ ods-enforcer update all >/dev/null 2>/dev/null ||:
 %systemd_postun_with_restart ods-signerd.service
 
 %changelog
+* Wed Jan 22 2025 Rafael Jeffman <rjeffman@redhat.com> - 2.1.10-2
+- Use systemd-sysusers to create users
+  Resolves: RHEL-75905
+
 * Thu Apr 27 2023 Rafael Guterres Jeffman <rjeffman@redhat.com> - 2.1.10-1
 - Upstream release 2.1.10.
   Resolves: rhbz#1981324